From: Alan Huang <mmpgouride@gmail.com>
Date: Fri, 7 Mar 2025 16:58:27 +0000 (+0800)
Subject: bcachefs: Fix b->written overflow
X-Git-Tag: v6.14-rc7~26^2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3a04334d6282d08fbdd6201e374db17d31927ba3;p=thirdparty%2Flinux.git

bcachefs: Fix b->written overflow

When bset past end of btree node, we should not add sectors to
b->written, which will overflow b->written.

Reported-by: syzbot+3cb3d9e8c3f197754825@syzkaller.appspotmail.com
Tested-by: syzbot+3cb3d9e8c3f197754825@syzkaller.appspotmail.com
Signed-off-by: Alan Huang <mmpgouride@gmail.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
---

diff --git a/fs/bcachefs/btree_io.c b/fs/bcachefs/btree_io.c
index dece27d9db04e..756736f9243d7 100644
--- a/fs/bcachefs/btree_io.c
+++ b/fs/bcachefs/btree_io.c
@@ -1186,7 +1186,7 @@ int bch2_btree_node_read_done(struct bch_fs *c, struct bch_dev *ca,
 			     le64_to_cpu(i->journal_seq),
 			     b->written, b->written + sectors, ptr_written);
 
-		b->written += sectors;
+		b->written = min(b->written + sectors, btree_sectors(c));
 
 		if (blacklisted && !first)
 			continue;